Author Description

Innovative Technology Solutions is a company that provides training to individuals, corporates and colleges on IT and professional skills. Besides training, ITS has training rooms available in all corporate hubs of India for corporate training needs.

Introduction to GDPR: The Who, What, When, Why, and Where of GDPR

Why IT professionals should learn about GDPR - it is law in all countries that are members of the European Union (EU) and in the countries working with the European Union or having clientele in European Union countries.

Why GDPR exists - the core reason is to protect people's fundamental rights, i.e. the right of privacy.

Why do we need GDPR - the EU data protection law was passed in 1995, and as technology has evolved there have been many changes in data.

Whom it applies to - GDPR applies to organizations that do anything with data about people.

OR

It applies to all organizations in the EU and to all organizations that work with the EU, i.e. offering goods and services in the EU or monitoring behavior.

OR

Simply put, GDPR applies to all organizations, inside or outside the EU, that work with people of the EU.

GDPR has 06 principles

Data use is fair and expected

Just have data that's necessary

All data must be accurate

Delete when finished

Keep data secure

Be accountable.

What is the risk of non-compliance to GDPR?

1. Reputation - if an organization is not compliant with GDPR, people might not trust that company.

2. Fines and penalties for not following GDPR - the fine could be Euro 20 million or 4% of the organization's global turnover.

3. Liability risk - people / customers who use the organization's services can sue the organization if their data is misused or leaked.

Each country has a local data protection authority. In India there is no such authority, but data protection is covered under the IT ACT (70). It is a punishable offence and a person can get a jail term of 3 years or a fine of Rs. 5,00,000/-

Let's understand GDPR in detail -

GDPR Article 1 - "This regulation lays down rules relating to the protection of living humans with regard to processing anything with personal Data... "

Data subjects - this is the data of the people the organization works for and the people who work for it, meaning customers or employees.

Data controller - where the data is controlled, i.e. the information once you log in, your work and the acts you perform.

Data processors - where data is processed; for example, organizations use cloud services to process the data, which could be AWS or any cloud. Both data controllers and data processors process (do anything with) personal data. Companies or governments can be data controllers or processors.

GDPR regulations -

GDPR splits into 02 parts

Recitals - 173 recitals in count

Articles - 99 articles in count

GDPR principles in detail

1). Fair and expected - let's discuss this in detail: all processing of data is lawful, fair and transparent. Transparent means that when you are collecting data you should tell people what you are going to do with the data, and why.

2). Fair - balancing the fundamental rights and freedoms of the person whose data it is with the rights of holding his/her data for further processing. This means, for example, that a financial website can't share people's personal data with other companies without the consent of those people.

3). Lawful - there are six reasons for processing the data -

Consent from data subject

Contract from data subject

Legal obligation - companies are bound to share data with government authorities.